Compass Security Blog

Offensive Defense

Bypassing Content-Security-Policy with DNS prefetching

Introduction

The Content Security Policy (CSP) is one of the main web-based security mechanisms that helps website owners reduce the risk posed by Cross-Site Scripting (XSS) or code injection attacks [1]. The CSP is nothing more than a policy that defines from where and to where something can be loaded and fetched. This is […]


Android 7.0 Security Features: Direct Boot

Android 7.0 (Nougat) brings a lot of interesting new security features, such as Direct Boot, Key Attestation, Network Security Configuration, Scoped Directory Access, and Media Server Hardening. All of these topics are very interesting from a security perspective. However, in this blog post we will focus solely on Direct Boot.

Motivation

There are apps, which should […]
